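<?php
	/*
	 * Change the logged-in student's password.
	 *
	 * Reads POST fields old_pass, new_pass and con_new_pass and the student
	 * id from $_SESSION['sid']. On an input error the browser is redirected
	 * back to ../change_pass.php with err_* flags in the query string; on
	 * success to ../change_pass_success.php.
	 *
	 * $mysqli and $mysqli_stmt are provided by mysql.php (presumably an open
	 * connection and an initialised statement handle — confirm there).
	 * password.php supplies password_hash()/password_verify() where the
	 * runtime lacks them (looks like the password_compat polyfill — confirm).
	 */
	require 'mysql.php';
	require 'password.php';

	/*
	 * Abort after a failed mysqli call.
	 *
	 * The driver error text is written to the server log only; showing it to
	 * the user would disclose schema and server details. When $rollback_on is
	 * given, the open transaction on that connection is rolled back first.
	 *
	 * @param mysqli_stmt $stmt        statement whose error is reported
	 * @param string      $step        human-readable name of the failed step
	 * @param mysqli|null $rollback_on connection to roll back, if any
	 */
	function stmt_fail(mysqli_stmt $stmt, $step, mysqli $rollback_on = null)
	{
		error_log(sprintf('%s failed: (%d) %s', $step, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)));
		if ($rollback_on !== null) {
			mysqli_rollback($rollback_on);
		}
		http_response_code(500);
		die('Database error.');
	}

	/*
	 * Redirect to the change-password form with error flags and stop.
	 *
	 * Only the flag names are put in the URL, with empty values. Submitted
	 * values (in particular the old password) must never be placed in the
	 * query string: it ends up in server logs, Referer headers and browser
	 * history.
	 *
	 * @param string[] $errors  flag names such as 'err_old_pass'
	 * @param string   $message text emitted after the redirect header
	 */
	function back_to_form(array $errors, $message)
	{
		$flags = array();
		foreach ($errors as $name) {
			$flags[$name] = '';
		}
		header('Location: ../change_pass.php?' . http_build_query($flags));
		die($message);
	}

	/*
	 * Length rule for passwords: a string of 6 to 16 characters.
	 *
	 * Characters are counted as UTF-8 (u modifier), not bytes; preg_match
	 * returns false on invalid UTF-8 and that counts as a failed check.
	 * \z rejects the trailing newline that $ would accept. Non-string input
	 * (an array posted under the field name) is rejected rather than passed
	 * to preg_match.
	 *
	 * @param mixed $password raw request value
	 * @return bool
	 */
	function has_valid_length($password)
	{
		return is_string($password) && preg_match('/^.{6,16}\z/u', $password) === 1;
	}

	$old_pass     = isset($_POST['old_pass']) ? $_POST['old_pass'] : '';
	$new_pass     = isset($_POST['new_pass']) ? $_POST['new_pass'] : '';
	$con_new_pass = isset($_POST['con_new_pass']) ? $_POST['con_new_pass'] : '';

	$errors = array();
	if (!has_valid_length($old_pass)) {
		$errors[] = 'err_old_pass';
	}
	if (!has_valid_length($new_pass)) {
		$errors[] = 'err_new_pass';
	}
	// Strict comparison: != would treat numeric-looking strings such as
	// "1e3" and "1000" as equal.
	if ($new_pass !== $con_new_pass) {
		$errors[] = 'err_con_pass';
	}
	if ($errors !== array()) {
		back_to_form($errors, 'wrong input.');
	}

	// NOTE(review): no CSRF token is checked here — confirm that
	// change_pass.php and the session layer provide one.
	session_start();
	if (!isset($_SESSION['sid'])) {
		session_write_close();
		http_response_code(403);
		die('Not logged in.');
	}
	$sid = $_SESSION['sid'];
	session_write_close();

	$origin = 'select passwd from student where sid=?';
	if (!mysqli_stmt_prepare($mysqli_stmt, $origin)) {
		stmt_fail($mysqli_stmt, 'Statement Preparation');
	}

	if (!mysqli_stmt_bind_param($mysqli_stmt, 's', $sid)) {
		stmt_fail($mysqli_stmt, 'Statement Parameter Binding');
	}

	if (!mysqli_stmt_execute($mysqli_stmt)) {
		stmt_fail($mysqli_stmt, 'Statement Execution');
	}

	if (!mysqli_stmt_bind_result($mysqli_stmt, $pass)) {
		stmt_fail($mysqli_stmt, 'Statement Result Binding');
	}

	if (!mysqli_stmt_store_result($mysqli_stmt)) {
		stmt_fail($mysqli_stmt, 'Statement Storing Result');
	}

	// Exactly one row is expected for a session-issued student id.
	if (mysqli_stmt_num_rows($mysqli_stmt) !== 1) {
		stmt_fail($mysqli_stmt, 'Statement Row Count');
	}

	if (!mysqli_stmt_fetch($mysqli_stmt)) {
		stmt_fail($mysqli_stmt, 'Statement Fetch Row');
	}

	// password_verify() needs a string; a NULL passwd column is treated as
	// no match rather than passed through.
	if (!is_string($pass) || !password_verify($old_pass, $pass)) {
		mysqli_stmt_free_result($mysqli_stmt);
		back_to_form(array('err_old_pass'), 'Old Password is Wrong.');
	}

	mysqli_stmt_free_result($mysqli_stmt);

	// Run the update in a transaction. The second argument is required:
	// without it autocommit stays on and the rollback calls below do nothing.
	if (!mysqli_autocommit($mysqli, false)) {
		error_log('Disabling autocommit failed: (' . mysqli_errno($mysqli) . ') ' . mysqli_error($mysqli));
		http_response_code(500);
		die('Database error.');
	}

	$origin = 'update student set passwd=? where sid=?';
	if (!mysqli_stmt_prepare($mysqli_stmt, $origin)) {
		stmt_fail($mysqli_stmt, 'Statement Preparation', $mysqli);
	}

	// password_hash() returns false when hashing fails (e.g. no CSPRNG).
	$hash_pass = password_hash($new_pass, PASSWORD_BCRYPT);
	if ($hash_pass === false) {
		mysqli_rollback($mysqli);
		error_log('password_hash() failed');
		http_response_code(500);
		die('Password hashing failed.');
	}

	if (!mysqli_stmt_bind_param($mysqli_stmt, 'ss', $hash_pass, $sid)) {
		stmt_fail($mysqli_stmt, 'Statement Parameter Binding', $mysqli);
	}

	if (!mysqli_stmt_execute($mysqli_stmt)) {
		stmt_fail($mysqli_stmt, 'Statement Execution', $mysqli);
	}

	if (mysqli_stmt_affected_rows($mysqli_stmt) !== 1) {
		stmt_fail($mysqli_stmt, 'Statement Affected Rows', $mysqli);
	}

	if (!mysqli_commit($mysqli)) {
		error_log('Commit failed: (' . mysqli_errno($mysqli) . ') ' . mysqli_error($mysqli));
		mysqli_rollback($mysqli);
		http_response_code(500);
		die('Database error.');
	}

	header('Location: ../change_pass_success.php');
	exit;

	// No closing ?> tag: trailing whitespace after it would be sent as
	// output and could break headers if this file were ever included.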
